Cross-chain bridge Nomad hacked, $191 million stolen

moneycontrol.com:

In a major hack involving a cryptocurrency project, impersonators on Tuesday drained the cross-chain bridge Nomad of about $191 million, nearly emptying it of funds.

The cross-chain bridge allows transfers between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1 and Moonbeam (GLMR).

$190.7 million stolen

According to aggregator DeFi TVL and analytics provider DefiLlama, the total amount taken stood at $190.7 million.

After the hack, the total value locked with the project is $5,900, according to DefiLlama.

At 9.32 UTC, 100 Wrapped Bitcoin (WBTC) worth $2.3 million were withdrawn from Nomad in the first unauthorised transaction.

Even as the community raised an alarm of an exploit, Nomad stated that it knew of the incident involving the Nomad token bridge and that it was investigating and would provide updates in due course.

“We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz,” Nomad stated.

Also Read | Crema exploit: Hacker returns stolen funds

IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3) are among the tokens that were taken, along with WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG) and Dai (C3).

Funds transferred to hundreds of addresses

Notably, in contrast to earlier attacks, hundreds of addresses received money from the bridge as a result of this hack.

In addition, the Moonbeam smart contract platform (GLMR) entered maintenance at 11.18 PM UTC. This was carried out to look into a possible